RE: HIPAA privacy and people - comparison to 42 C.F.R. Part 2 (Al cohol and Drug Patient Privacy)
You are absolutely correct that there is much in HIPAA than what is in 42 C.F.R. Part 2. Isn't it nice that SAMHSA et al are being so timely with their assistance? The Legal Action Center, a well-known, well-respected non-profit based in New York that has done a lot of work in interpreting 42 C.F.R. Part 2, is also supposed to be coming out with a "cross-walk" supplement, but if people are not already working on this, well ... If anyone is interested, I can give you contact information for the Legal Action Center. Darrell Rishel, J.D. Director of Information Services Arapahoe House, Inc. This message is not legal advice or a binding signature. > -Original Message- > From: Vicki Hohner [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 22, 2003 12:13 PM > To: Darrell Rishel; [EMAIL PROTECTED] > Subject: RE: HIPAA privacy and people - comparison to 42 C.F.R. Part 2 > (Alcohol and Drug Patient Privacy) > > > I have been doing a lot of work with substance abuse programs > and HIPAA, > and while not deeply familar with 42 CFR protections we have > identified > that there are limited areas of overlap with HIPAA privacy. > Many subject > to 42 CFR mistakenly believe that the fact that they comply with this > law, which is more stringent in its use and disclosure requirements, > means they are exempt from complying with HIPAA. However, note that > there are only a few overlaps between the two: primarily with uses and > disclosures/minimum necessary, authorizations, and some > limited parts of > individual rights. This leaves a lot more under HIPAA that is not > addressed in 42 CFR--all the policies and procedures, the privacy > officer, business associate terms, the notice of privacy > practices, and > accounting of disclosures, to name a few. Note also that the > definitions > of what information is protected is broader under HIPAA than under 42 > CFR. > > My understanding is that the feds (SAMHSA/CSAT) are working on a > comparison matrix between the two--no idea when that may be > available. > > Vicki Hohner > FOX Systems, Inc. > 360-970-6856 > 360-352-4584 > Information transmitted is confidential and may be proprietary to FOX > Systems, Inc. It is intended only for the person or entity > to which it > is addressed. Anyone else is prohibited from disclosing, copying, or > disseminating the contents or attachments. If you receive this in > error, please notify sender immediately, or us at www.foxsys.com and > delete from your system. > >>> Darrell Rishel <[EMAIL PROTECTED]> 01/20/03 08:57 AM >>> > Matt- > > I'll take a stab at answering your question. Please remember > that in an > effort to keep it relatively brief, this is a fairly simplistic, > high-level > overview. > > Under 42 C.F.R. Part 2 (which I'll refer to as the AOD (Alcohol and > Other > Drugs)regs), disclosure within a "program" is allowed on a > need-to-know > basis without the consent of the patient. This "internal" > disclosure is > limited to "personnel having a need for the information in connection > with > their duties which arise out of the provision of diagnosis, treatment, > or > referral for treatment." In practice, I think this is very > close to, if > not > the same as, the HIPAA "use" definition. Although the AOD regs do not > require a formal minimum necessary analysis, the concept of only > disclosing > the minimum amount of information necessary to accomplish the purpose > for > making the disclosure is clearly embedded in the regs. > > It is the disclosure to external entities where, especially with the > adoption of the August, 2002, HIPAA changes, a wide gap > remains between > the > two sets of regs. While HIPAA allows treatment providers to > disclose PHI > for > treatment and payment (even another provider's payment) without the > patient's written consent, the AOD regs absolutely prohibit such > disclosures > related to payment, and disclosures for treatment (except for medical > emergencies) require that a written agreement be in place and that the > services which the external provider render be something > different than > what > the primary provider is providing. This written agreement is known in > the > AOD regs as a Qualified Service Organization Agreement (QSOA, for > short). A > QSOA is akin to a BA agreement, though much shorter and less > complicated, > charachteristics which are, unfortunately, soon to be a thing of the > past. > While a QSOA can be used in limited circumstances for treatment (the > biggest > problem is that we cannot have one with another AOD > provider), its most > common use is for operations, just as the HIPAA BA agreement will be > used > (e.g., we have a QSOA with our auditor, or outside attorneys, the > company > which prints and sends out our bills, the lab which analyzes the urine > specimens we collect, etc.). But, if we want to be able to bill an > insurance > company or any other third party payer, we have to have the patient's > writte
HIPAA Privacy question regarding business associate agreements
I am hopeful that by posting this information to the listserv's I can get input from states about how they are approaching the "access, amendment and accounting" requirements of the HIPAA Privacy rule through their business associate contracts. These are my questions: 1) Are any states delegating the responsibility to provide access, amendment and or accountings through their business associate agreements? 2) If you are, what are the pros and cons that you identified regarding doing this? For example: I know that if we delegate these functions, we may lose control over these functions but on the other hand we often don't maintain the designated record sets where this information is maintained, our business associates do. In some cases we have no control over information contained in our business associates designated record sets. If we proceed with the language in the contract that we are using (similar to the language in the template that HHS gave us) we could potentially create a huge burden to overcome in order to meet the obligations that we are laying out through the development of these agreements. We are often not a point of contact for many of the providers who receive services that we contract to various business associates. We could potentially create an administrative burden for us to track requests for access to designated record sets maintained by our business associates, to make amendments to records we don't own, and to provide an accounting of information our business associates hold on our behalf. Any input that might help us make decisions regarding this, would be greatly appreciated. CMS has presented guidance that addresses this issue and they have identified the fact that covered entities may want to consider imposing the requirement to provide access and to make amendments on their business associates especially if the information in need of access or amendment is maintained by a business associate. The guidance further identifies the fact that an accounting may be imposed on the BA by a covered entity. Because each relationship with business associates will be unique and will vary regarding a covered entities access to information maintained by the business associates, I think we need to carefully consider how we develop these agreements. I believe we need to be flexible in our language so that we can dictate when we will provide access, make the requested and agreed to amendments and when we will assume the responsibility to provide the accounting and when we will require these things of our business associates. The FAQ's from OCR dated December 3, 2002 on BA's has a question and answers directly related to this issue, the last sentence for each answer addresses the ability for covered entities to delegate these functions to our business associates, it reads as follows: "Q: Does the HIPAA Privacy Rule require a business associate to provide individuals with access to their protected health information or an accounting of disclosures, or an opportunity to amend protected health information? A: The Privacy Rule regulates covered entities, not business associates. The Rule requires covered entities to include specific provisions in agreements with business associates to safeguard protected health information, and addresses how covered entities may share this information with business associates. Covered entities are responsible for fulfilling Privacy Rule requirements with respect to individual rights, including the rights of access, amendment, and accounting, as provided for by 45 CFR 164.524, 164.526, and 164.528. With limited exceptions, a covered entity is required to provide an individual access to his or her protected health information in a designated record set. This includes information in a designated record set of a business associate, unless the information held by the business associate merely duplicates the information maintained by the covered entity. Therefore, the Rule requires covered entities to specify in the business associate contract that the business associate must make such protected health information available if and when needed by the covered entity to provide an individual with access to the information. However, the Privacy Rule does not prevent the parties from agreeing through the business associate contract that the business associate will provide access to individuals, as may be appropriate where the business associate is the only holder of the designated record set, or part thereof. Under 45 CFR 164.526, a covered entity must amend protected health information about an individual in a designated record set, including any designated record sets (or copies thereof) held by a business associate. Therefore, the Rule requires covered entities to specify in the business associate contract that the business associate must amend protected health information in such records (or copies) when requested by the covered entity. The covered entit
Re: to sign or not to sign
Traci, My vote's for the round file. Any lawyers out there feel free to chime in. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Traci Winter To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, January 22, 2003 02:49 PM Subject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
to sign or not to sign
OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates
Traci, It looks to me like someone's trying to cover all bases with a shotgun approach (run it up the flagpole and see who salutes) . My understanding is that you wouldn't need a BAC any more than a surgeon's office needs one with a Primary Care Physician referring a patient to them. This is Covered Entity to Covered Entity for the purposes of Treatment. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Traci Winter To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, January 22, 2003 12:47 PM Subject: Business Associates Hey everyone, I know this topic has been hashed out like crazy but I find myself confused. As a homecare agency we receive our business via referrals from health care facilities and MD offices. We are not providing services on behalf of these entities. It was my understanding that we wouldn't be considered BAs of these CEs but, due to receiving a BAC in the mail today, I find that I am now unsure Help . Traci Winter Hospitals Home Health Care, Inc. Special Projects Coordinator, Privacy Official---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: HIPAA privacy and people - comparison to 42 C.F.R. Part 2 (Alcohol and Drug Patient Privacy)
I have been doing a lot of work with substance abuse programs and HIPAA, and while not deeply familar with 42 CFR protections we have identified that there are limited areas of overlap with HIPAA privacy. Many subject to 42 CFR mistakenly believe that the fact that they comply with this law, which is more stringent in its use and disclosure requirements, means they are exempt from complying with HIPAA. However, note that there are only a few overlaps between the two: primarily with uses and disclosures/minimum necessary, authorizations, and some limited parts of individual rights. This leaves a lot more under HIPAA that is not addressed in 42 CFR--all the policies and procedures, the privacy officer, business associate terms, the notice of privacy practices, and accounting of disclosures, to name a few. Note also that the definitions of what information is protected is broader under HIPAA than under 42 CFR. My understanding is that the feds (SAMHSA/CSAT) are working on a comparison matrix between the two--no idea when that may be available. Vicki Hohner FOX Systems, Inc. 360-970-6856 360-352-4584 Information transmitted is confidential and may be proprietary to FOX Systems, Inc. It is intended only for the person or entity to which it is addressed. Anyone else is prohibited from disclosing, copying, or disseminating the contents or attachments. If you receive this in error, please notify sender immediately, or us at www.foxsys.com and delete from your system. >>> Darrell Rishel <[EMAIL PROTECTED]> 01/20/03 08:57 AM >>> Matt- I'll take a stab at answering your question. Please remember that in an effort to keep it relatively brief, this is a fairly simplistic, high-level overview. Under 42 C.F.R. Part 2 (which I'll refer to as the AOD (Alcohol and Other Drugs)regs), disclosure within a "program" is allowed on a need-to-know basis without the consent of the patient. This "internal" disclosure is limited to "personnel having a need for the information in connection with their duties which arise out of the provision of diagnosis, treatment, or referral for treatment." In practice, I think this is very close to, if not the same as, the HIPAA "use" definition. Although the AOD regs do not require a formal minimum necessary analysis, the concept of only disclosing the minimum amount of information necessary to accomplish the purpose for making the disclosure is clearly embedded in the regs. It is the disclosure to external entities where, especially with the adoption of the August, 2002, HIPAA changes, a wide gap remains between the two sets of regs. While HIPAA allows treatment providers to disclose PHI for treatment and payment (even another provider's payment) without the patient's written consent, the AOD regs absolutely prohibit such disclosures related to payment, and disclosures for treatment (except for medical emergencies) require that a written agreement be in place and that the services which the external provider render be something different than what the primary provider is providing. This written agreement is known in the AOD regs as a Qualified Service Organization Agreement (QSOA, for short). A QSOA is akin to a BA agreement, though much shorter and less complicated, charachteristics which are, unfortunately, soon to be a thing of the past. While a QSOA can be used in limited circumstances for treatment (the biggest problem is that we cannot have one with another AOD provider), its most common use is for operations, just as the HIPAA BA agreement will be used (e.g., we have a QSOA with our auditor, or outside attorneys, the company which prints and sends out our bills, the lab which analyzes the urine specimens we collect, etc.). But, if we want to be able to bill an insurance company or any other third party payer, we have to have the patient's written consent (in fact, we cannot even call to get pre-authorization without written consent; how's that for customer friendly?). If we want to refer the patient to another health care provider, of whatever type, or consult with another provider (like their primary care provider) who has seen the patient, we must have the patient's written consent unless the situation fits within the pretty narrow exception where a QSOA can be used and we have (or can get) one in place (the logistics and pain of trying to get a QSOA with all of those providers, which make doing so pretty impracticle). The requirements in the AOD regs for a valid written consent are very similar to those for a HIPAA authorization: who is disclosing the information, to whom is the information being disclosed, what information is being disclosed and why is it being disclosed, there must be a reasonble, identifiable expiration date, the patient must be able to revoke the consent at any time (one specific exception here for persons referred by an element of the criminal justice system where treatment is a part of the disposition), the name of the patient, the patient's signature
Business Associates
Hey everyone, I know this topic has been hashed out like crazy but I find myself confused. As a homecare agency we receive our business via referrals from health care facilities and MD offices. We are not providing services on behalf of these entities. It was my understanding that we wouldn't be considered BAs of these CEs but, due to receiving a BAC in the mail today, I find that I am now unsure Help . Traci Winter Hospitals Home Health Care, Inc. Special Projects Coordinator, Privacy Official --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: EMS and the NPP
Don, I consult with some of the nations largest Fire/EMS departments for HIPAA. I advise several different ways. Non-transports require a treat and release signature from a patient. A copy of NPP can be printed on the back or separately, but they should make a “reasonable attempt” to provide the NPP. What you don’t say is how they are activated. If they are activated via 911, this is an emergency response, not requiring an NPP as the call is emergency, not routine, in nature. I also advise departments that do the billing to include the NPP in the billing statement, just like the Credit Card companies do. Hope that helps. Chris Brancato -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 8:03 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP An interesting question from our EMS HIPAA rep yesterday: When EMS treats and transports an accident victim to another hospital (one not part of our enterprise), should we give them a copy of our NPP? One of the underlying issues centers on our management of EMS in several counties. While most of the patients involved end up at FirstHealth facilities (where they would receive a copy of the NPP once their condition allowed), a significant minority are transported to other hospitals. On first look my response is that the receiving facility would be responsible for providing the patient with a copy of their NPP. But is that the case? I would like the group’s comments, opinions and citations re: the whole ems issue. I am also looking forward to OCR’s clarifications on these issues. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: OCHA
We are doing an Administrative Policy that the Med Exec Committee will approve. The policy states that they agree to abide by our Joint Notice of Privacy Practices. HIPAA does NOT require you to "designate" yourselves as an OHCA, unlike Affiliated Entity status which does. I believe that the Privacy Reg defines a relationship that already exists and therefore you are only left with finding a "method" of documenting that the medical staff agree to abide by the joint notice. To try and get them all to sign an agreement sounds like a tracking nightmare to me. - Original Message - From: "Nancy Jones" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Wednesday, January 22, 2003 8:54 AM Subject: OCHA > I want to find the easiest method (that complies with the law) for > documenting an OCHA with our physicians. Does this mean I need > individual written agreements between our hospital and each physician > with privileges? If so, is anyone willing to share a sample, as I can't > find one anywhere. > > Or can this be done by simply revising the Medical Staff Bylaws and > including a declaration that an organized health care arrangement exists > between the docs and the hospital, and that we have jointly designed a > NPP? > > Some area hospitals are asking their docs to sign Confidentiality > Statements on top of everything else. This seems too much to me. > > Any guidance will be greatly appreciated. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
OCHA
I want to find the easiest method (that complies with the law) for documenting an OCHA with our physicians. Does this mean I need individual written agreements between our hospital and each physician with privileges? If so, is anyone willing to share a sample, as I can't find one anywhere. Or can this be done by simply revising the Medical Staff Bylaws and including a declaration that an organized health care arrangement exists between the docs and the hospital, and that we have jointly designed a NPP? Some area hospitals are asking their docs to sign Confidentiality Statements on top of everything else. This seems too much to me. Any guidance will be greatly appreciated. begin:vcard n:Jones;Nancy tel;work:Nacogdoches Memorial Hospital x-mozilla-html:FALSE org:Nacogdoches Memorial Hospital adr:;;1204 N. Mound Street;Nacogdoches;Texas;75961; version:2.1 email;internet:[EMAIL PROTECTED] title:Director of Compliance fn:Nancy Jones end:vcard --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org